Legal Policies
Security and Compliance Policy
ThriveHub Security and Risk Focus
ThriveHub is committed to safeguarding our customers’ data. We have invested in robust security controls to protect and serve our customers, implementing dedicated corporate, product, and infrastructure security programmes. Our Legal Team, in collaboration with other departments, oversees the implementation of these security measures.
Our Security and Compliance Objectives
ThriveHub’s security framework aligns with industry best practices. Our key objectives include:
- Customer Trust and Protection: Ensuring superior products and services while maintaining data privacy and confidentiality.
- Availability and Continuity of Service: Guaranteeing high availability and minimising risks to service continuity.
- Information and Service Integrity: Preventing unauthorised corruption or alteration of customer information.
- Compliance with Standards: Striving to meet or exceed industry-standard best practices.
ThriveHub Security Controls
Infrastructure Security
Cloud Hosting Provider
ThriveHub does not host product systems or data within its physical offices. Instead, we utilise leading cloud infrastructure providers such as Google Cloud Platform and Amazon Web Services (AWS). Our infrastructure is located in the United States, relying on Google’s and AWS’s audited security and compliance programmes for physical, environmental, and infrastructure security.
- Google Cloud Platform: Provides a minimum uptime of 99.5%.
- AWS: Guarantees 99.95% to 100% reliability, with independently validated business continuity and disaster recovery plans.
Network and Perimeter Security
ThriveHub enforces multiple layers of filtering and inspection across its infrastructure:
- Firewalls and Access Controls: Unauthorised access is prevented through network-level access control lists.
- Change Control Processes: Modifications to network and perimeter systems follow strict change control procedures.
- Periodic Reviews: Firewall rulesets are reviewed regularly to ensure only necessary connections remain active.
Configuration Management
Automation underpins ThriveHub’s ability to scale while maintaining security:
- Automated Infrastructure: Server configurations are embedded in configuration files, ensuring rapid and controlled provisioning.
- Baseline Configuration Monitoring: Any deviations from baseline configurations are automatically reverted within 30 minutes.
- Patch Management: Updates are deployed through automated configuration tools.
Logging and Monitoring
- Comprehensive Logging: Security-relevant logs are indexed and stored securely in ThriveHub’s cloud environment.
- Automated Monitoring and Alerting: Continuous monitoring alerts teams to anomalies such as application attacks, abuse scenarios, and other risks.
Application Security
Web Application Defences
ThriveHub protects customer content with advanced security measures:
- Firewall and Application Security: Continuous monitoring detects and blocks malicious behaviour.
- OWASP Compliance: Security rules align with OWASP Top 10 recommendations.
- DDoS Protection: Mitigates distributed denial-of-service attacks to ensure service availability.
Development and Release Management
ThriveHub employs a modern continuous delivery approach:
- Code Reviews and Testing: All code undergoes rigorous review and static analysis before deployment.
- Automated Deployment: New features are tested in a dedicated QA environment before being pushed to production.
- Feature Gating: New features can be rolled out gradually to customers.
Vulnerability Management
ThriveHub employs multiple layers of vulnerability management:
- Regular Scans: Automated scanning tools detect vulnerabilities in real time.
- Annual Penetration Testing: External audits identify security risks.
- Prioritised Mitigation: Identified vulnerabilities are assessed and addressed based on risk level.
Customer Data Protection
Data Classification
Customers are responsible for ensuring that only appropriate information is captured within ThriveHub. Sensitive data, such as credit card numbers and social security numbers, should not be stored in the platform.
Tenant Separation
ThriveHub employs logical data separation mechanisms:
- Unique IDs: Customer data is logically segregated.
- Authorisation Rules: Access to customer data is continuously validated.
Encryption
- Data in Transit: Encrypted using TLS 1.2 or higher.
- Data at Rest: Protected using industry-standard encryption methodologies.
Backup Protections
- Access Control Restrictions: Ensures secure backup storage.
- WORM Protections: Backups cannot be altered after being written.
Customer Data Backup Restoration
Customers can recover deleted contacts, opportunities, and other key data within 30 days. Additional data backup and synchronisation options are available through ThriveHub’s export tools and public APIs.
Identity and Access Control
Product User Management
Customers have full control over user roles and permissions within their ThriveHub accounts.
Product Login Protections
- Password Policies: Minimum of 8 characters with a mix of upper/lower case letters, numbers, and special characters.
- Two-Factor Authentication: Mandatory for all users, with administrators able to enforce compliance.
- Access Reviews: Employee access to internal systems is reviewed semi-annually to ensure necessity.
Organisational and Corporate Security
Background Checks and Onboarding
- Pre-Employment Screening: Third-party background checks are conducted before hiring.
- Policy Acknowledgement: New employees must read and acknowledge security policies.